Ocean

mirror.xyz · Shanmuga Bharathi. N · 4 hours ago · vulnerability
0 net
AI Summary

This article collection documents smart contract vulnerabilities discovered in Web3 projects, including Betverse's public function visibility flaw enabling token theft and Ocean Protocol's unprotected ownerWithdraw function allowing unauthorized fund transfers. These medium to critical severity bugs highlight improper access control in Solidity smart contracts.

Tags
smart-contract-vulnerability access-control visibility-modifier token-theft solidity ethereum web3-security function-visibility cryptocurrency ico
Entities
Shanmuga Bharathi Betverse Ocean Protocol Immunefi Oasys BToken
About Activity Share Home Explore New post Dashboard Newsletter More from Shanmuga Bharathi Shanmuga Bharathi Mar 19 Incorrect Function visibility leads to the Stealing of Betverse ICO Tokens. A critical vulnerability was discovered in one of the Testnet projects on the Immunefi Platform, the Betverse ICO Token contract’s transferTokenToLockedAddresses() function. The vulnerability was caused by mistakenly marking this function as public when it should have been an internal function. This mistake enabled anyone to transfer a specified amount of BToken (amount.div(term)) to the attacker's time lock address. Repeating this attack could lead to the sweeping of the BToken balance ... Shanmuga Bharathi Oct 14 Ocean Protocol | Unprotected owner Withdrawl function leads to Sweeping of Contract's datatoken Bala… Hello readers! This article showcases the medium-severity bug on the Ocean Protocol Dispenser contract, which allowed any user to call the ownerWithdraw() function and send the funds to the payment collector. By sending the funds to the payment collector address, the owner cannot make a successful dispense of data tokens to his destination address. Vulnerable Code: function ownerWithdraw(address datatoken) external nonReentrant { require( datatoken != address(0), 'Invalid token contract addre... Shanmuga Bharathi Apr 9 OASYS | Stealing of User's NFT From L1 Contract Protocol Overview:The Oasys ecosystem consists of two major parts by structure: the Hub Layer and the Verse Layer. The Hub Layer is responsible for the data availability, security, and stability of the entire ecosystem, with the backing of trustworthy validators. The Verse Layer is the contents layer, and it's the home for all the games. The primary concern of every verse layer is gamers and game developers. This write-up focuses on Bridge contracts implementation by OASYS with a logic b... View more Search... Ctrl + K Shanmuga Bharathi Sign in Security Researcher 🧑‍🔬 Vulnerability and security research disclosure reports Web3 security and cybersec kinds of stuff here 🧑‍💻🔬 Subscribe Subscribe to Shanmuga Bharathi Subscribe <100 subscribers
← Back to stories